[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Jan 2012 08:43:08 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Dragonfly BSD SHA2
On 01/18/2012 11:08 AM, Solar Designer wrote:
> You may need to make two or more 64-bit installs of DragonFly (different
> versions - e.g., just after they introduced this SHA-2 stuff vs. latest).
There has only been one release with these crypt types included. I think
they should (at least) include the enclosed diff in order not to break
things in the next release. This would at least stop things from
changing between builds. But I am not gonna try persuade them, they
don't seem interested anyway.
magnum
diff --git a/etc/login.conf b/etc/login.conf
index 2310e98..794c733 100644
--- a/etc/login.conf
+++ b/etc/login.conf
@@ -19,7 +19,7 @@
# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
default:\
- :passwd_format=sha256:\
+ :passwd_format=md5:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
diff --git a/lib/libcrypt/crypt-sha256.c b/lib/libcrypt/crypt-sha256.c
index ce50c57..e0f1098 100644
--- a/lib/libcrypt/crypt-sha256.c
+++ b/lib/libcrypt/crypt-sha256.c
@@ -45,10 +45,12 @@
char*
crypt_sha256(const char *pw, const char *salt)
{
- static const char *magic = "$3$"; /* Magic string for this
- * algorithm. Easier to change
- * when factored as constant.
- */
+ static const char *magic = "$3$\0sha5"; /* Magic string for this
+ * algorithm. Now hardcoded
+ * with bytes previously
+ * included due to a bug
+ * (so they don't change)
+ */
static char passwd[120], *p;
static const char *sp, *ep;
unsigned char final[SHA256_SIZE];
@@ -76,6 +78,11 @@ crypt_sha256(const char *pw, const char *salt)
SHA256_Update(&ctx, pw, strlen(pw));
/* Then the magic string */
+ /* using 'sizeof' is a bug but we must keep it that way in
+ order not to break old hashes. The magic itself is now
+ prepared so the bug does not cause varying magic but it
+ will (and did) cause different magic between 32-bit and
+ 64-bit builds */
SHA256_Update(&ctx, magic, sizeof(magic));
/* Then the raw salt. */
diff --git a/lib/libcrypt/crypt-sha512.c b/lib/libcrypt/crypt-sha512.c
index 6b58a28..514a6bb 100644
--- a/lib/libcrypt/crypt-sha512.c
+++ b/lib/libcrypt/crypt-sha512.c
@@ -45,10 +45,12 @@
char*
crypt_sha512(const char *pw, const char *salt)
{
- static const char *magic = "$4$"; /* Magic string for this
- * algorithm. Easier to change
- * when factored as constant.
- */
+ static const char *magic = "$4$\0/etc"; /* Magic string for this
+ * algorithm. Now hardcoded
+ * with bytes previously
+ * included due to a bug
+ * (so they don't change)
+ */
static char passwd[120], *p;
static const char *sp, *ep;
unsigned char final[SHA512_SIZE];
@@ -76,6 +78,11 @@ crypt_sha512(const char *pw, const char *salt)
SHA512_Update(&ctx, pw, strlen(pw));
/* Then the magic string */
+ /* using 'sizeof' is a bug but we must keep it that way in
+ order not to break old hashes. The magic itself is now
+ prepared so the bug does not cause varying magic but it
+ will (and did) cause different magic between 32-bit and
+ 64-bit builds */
SHA512_Update(&ctx, magic, sizeof(magic));
/* Then the raw salt. */
@@ -93,6 +100,8 @@ crypt_sha512(const char *pw, const char *salt)
* For-loop form of the algorithm in sha256.c;
* breaks the final output up into 3cols and then base64's each row.
*/
+ /* This is buggy (last 16 bits not included) but if it's fixed, old
+ hashes will cease to work */
for (i = 0; i < 20; i++) {
l = (final[i] << 16) | (final[i + 21] << 8) | final[i + 42];
_crypt_to64(p, l, 4); p += 4;
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
